General

  • Target

    Shipment Document BL,INV and packing list.jpg.exe

  • Size

    313KB

  • Sample

    231115-jhh2tsff51

  • MD5

    e344bda7899df6fb9d12560254d07a13

  • SHA1

    5d3e07d0d41fd3e16d4f9cde32362120e5f2c8a2

  • SHA256

    cf33cf1b99aec2e58ebff495b327734f9d444884af6846ea086c210bd4ee2623

  • SHA512

    dc6a4fecfd1b4ab873c3ef5d150e2b3c48f891535a989832b16841db652e664b31f111f05f6cd02f7313e9e72bdd963d603796bb570c0297bda93954f97d8275

  • SSDEEP

    6144:wBlL/9pMUHq5ivHw521qti+5WmKasPxo9Rge/LAx9EUEgno9TF0KB:C/+UHq5mSDBK3a9GY8EUFnQF/B

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs35

Decoy

latechdz.com

sdp-ploce.com

ss203.site

sm6yuy.net

needstothink.com

heginstwp.com

blueplumespirit.com

vemconferirshop.click

yorent-auto.com

eleononaly.com

medicalspacelocators.com

7law.info

imacanberra.online

bbtyss.top

onlyanfans.com

varenty.com

fappies.shop

313865.com

hongpools.com

babkacuisine.xyz
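The domain list above is the most directly actionable part of the extracted config for a SOC: once the sample is confirmed in an environment, the next question is which hosts resolved any of those names. The script below is an added example (not tria.ge's report output and not Formbook's own code) that matches DNS query log lines against the extracted list using label-aware suffix matching, so `www.latechdz.com.` hits but `notlatechdz.com` does not. The log line layout (`timestamp client qname`) and the sample lines are constructed for the example; adapt `LOG_RE` to your resolver's format. Keep the Formbook caveat in mind when triaging hits: the config mixes the one live C2 among decoys, so a resolution is a lead that needs correlation with the process and network activity, not proof of C2 traffic.

```python
"""Match DNS query log lines against the domains from the extracted Formbook config.

Added example, not code from tria.ge or from the Formbook sample. The log line
layout parsed here ("<timestamp> <client IP> <queried name>") is a constructed,
simplified format, not any particular resolver's output.
"""
from __future__ import annotations

import re
from typing import Iterable

# Copied from the "Decoy" field of the extracted config (campaign fs35).
# Formbook configs list the single live C2 alongside decoys, so a hit is a
# triage lead, not by itself evidence of command-and-control traffic.
FORMBOOK_FS35_DOMAINS = frozenset({
    "latechdz.com", "sdp-ploce.com", "ss203.site", "sm6yuy.net",
    "needstothink.com", "heginstwp.com", "blueplumespirit.com",
    "vemconferirshop.click", "yorent-auto.com", "eleononaly.com",
    "medicalspacelocators.com", "7law.info", "imacanberra.online",
    "bbtyss.top", "onlyanfans.com", "varenty.com", "fappies.shop",
    "313865.com", "hongpools.com", "babkacuisine.xyz",
})

# Constructed log line shape: "<ISO timestamp> <client IP> <queried name>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def normalise(name: str) -> str:
    """Lower-case the name and strip the trailing dot many DNS logs include."""
    return name.lower().rstrip(".")


def matched_domain(qname: str, watchlist: frozenset[str]) -> str | None:
    """Return the watchlist entry that qname equals or is a subdomain of.

    Matching on whole labels (walking from the full name up to its parent
    domains) avoids the false positives a naive substring check would give,
    e.g. "notlatechdz.com" must not match "latechdz.com".
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str],
                 watchlist: frozenset[str] = FORMBOOK_FS35_DOMAINS) -> list[dict]:
    """Return one hit record per log line whose queried name is on the watchlist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of aborting the scan
        domain = matched_domain(m["qname"], watchlist)
        if domain:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "qname": normalise(m["qname"]),
                "matched": domain,
            })
    return hits


# Constructed sample log: two watchlist hits, one near-miss, one benign name,
# one malformed line.
SAMPLE_LOG = """\
2023-11-15T09:41:02Z 10.0.0.15 www.latechdz.com.
2023-11-15T09:41:03Z 10.0.0.15 notlatechdz.com
2023-11-15T09:41:05Z 10.0.0.15 update.microsoft.com
2023-11-15T09:41:07Z 10.0.0.22 SS203.SITE
this line is malformed
"""

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['client']} queried {hit['qname']} "
              f"(matches {hit['matched']})")
```

Running it on the constructed sample reports the `www.latechdz.com.` and `SS203.SITE` queries and ignores the near-miss and the benign name. Because the comparison is on whole labels rather than substrings, the same `matched_domain` helper can be reused for proxy or TLS SNI logs once the line parser is swapped.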

Targets

    • Target

      Shipment Document BL,INV and packing list.jpg.exe

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs form data and clipboard contents, steals credentials from browsers and email clients, takes screenshots, and can download and run additional payloads. Its C2 configuration lists many domains of which only one is the live C2 and the rest are decoys, so the Decoy list above should be treated as triage leads rather than as confirmed malicious infrastructure.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks